package com.platform.filter;
import com.platform.common.Const;
import com.platform.dao.RolePermissionMapper;
import com.platform.pojo.User;
import com.platform.service.IRolePermissionService;
import com.platform.service.IRoleService;
import com.platform.util.PropertiesUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * Created by Administrator on 2018/4/23 0023.
 */
public class UserFileter implements Filter {

    @Autowired
    private RolePermissionMapper rolePermissionMapper;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {

        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        httpResponse.setHeader("Access-Control-Allow-Origin","*");
        httpResponse.setHeader("Access-Control-Allow-Methods","POST");
        httpResponse.setHeader("Access-Control-Allow-Headers","Access-Control");
        httpResponse.setHeader("Allow","POST");
        HttpSession session = httpRequest.getSession(true);
        Object object = session.getAttribute(Const.CURRENT_USER);
        //判断是否登录
        User user = object == null ? null : (User) object;
        if (user == null) {
            httpResponse.sendRedirect("/error/404.html");
            boolean isAjaxRequest = isAjaxRequest(httpRequest);
            if (isAjaxRequest) {
                httpResponse.sendRedirect("/error/404.html");
            }
            return;
        }
        if(user != null){
            //获取访问路径方法
            String requestUrl = httpRequest.getRequestURI().toString();
            if(null == rolePermissionMapper){
                ApplicationContext ac =
                        WebApplicationContextUtils.getWebApplicationContext(((HttpServletRequest) servletRequest).getSession().getServletContext());
                rolePermissionMapper = (RolePermissionMapper)ac.getBean("rolePermissionMapper");
            }
            //查询该用户是否拥有该访问路径的权限，如没有，则跳至404页面
            Integer countResult = rolePermissionMapper.checkByUserIdAndUrl(user.getUsername(),requestUrl);
            if(null == countResult || countResult == 0){
                httpResponse.sendRedirect(PropertiesUtil.getProperty("error.404"));
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }

    @Override
    public void destroy() {

    }

    /**
     * 判断是否为Ajax请求
     *
     * @param request HttpServletRequest
     * @return 是true, 否false
     */
    public static boolean isAjaxRequest(HttpServletRequest request) {
        return request.getRequestURI().startsWith("/api");
        /*String requestType = request.getHeader("X-Requested-With");
        return requestType != null && requestType.equals("XMLHttpRequest");*/
    }
}
